Correct a misleading comment regarding the IPSEC_FILTERGIF option.

PR: 57125 Requested by: Adrian Steinmann
author: bms <bms@FreeBSD.org> 2004-06-22 22:02:57 +0000
committer: bms <bms@FreeBSD.org> 2004-06-22 22:02:57 +0000
commit: 4e506800d3a7fc3d26460abdb8bba19c287ef31f (patch)
tree: 8a6b6ae6fb94a0864c4c9cd46ca80fcbd9534ea6 /sys/conf
parent: 030ae438f9659e182b5d632c1d6fce9b34ee111b (diff)
download: FreeBSD-src-4e506800d3a7fc3d26460abdb8bba19c287ef31f.zip
FreeBSD-src-4e506800d3a7fc3d26460abdb8bba19c287ef31f.tar.gz
1 files changed, 2 insertions, 3 deletions
diff --git a/sys/conf/NOTES b/sys/conf/NOTES
index ecb447d..d31f4ff 100644
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@@ -372,9 +372,8 @@ options 	IPSEC_DEBUG		#debug for IP security
 # The default is that packets coming from a tunnel are _not_ processed;
 # they are assumed trusted.
 #
-# Note that enabling this can be problematic as there are no mechanisms
-# in place for distinguishing packets coming out of a tunnel (e.g. no
-# encX devices as found on openbsd).
+# IPSEC history is preserved for such packets, and can be filtered
+# using ipfw(8)'s 'ipsec' keyword, when this option is enabled.
 #
 #options 	IPSEC_FILTERGIF		#filter ipsec packets from a tunnel
author	bms <bms@FreeBSD.org>	2004-06-22 22:02:57 +0000
committer	bms <bms@FreeBSD.org>	2004-06-22 22:02:57 +0000
commit	4e506800d3a7fc3d26460abdb8bba19c287ef31f (patch)
tree	8a6b6ae6fb94a0864c4c9cd46ca80fcbd9534ea6 /sys/conf
parent	030ae438f9659e182b5d632c1d6fce9b34ee111b (diff)
download	FreeBSD-src-4e506800d3a7fc3d26460abdb8bba19c287ef31f.zip FreeBSD-src-4e506800d3a7fc3d26460abdb8bba19c287ef31f.tar.gz